fix: invalid tokens were not being rejected

well-known-components · Apr 26, 2021 · 71e410b · 71e410b
1 parent 4d21ff4
commit 71e410b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/src/index.ts b/src/index.ts
@@ -60,7 +60,7 @@ export async function createMetricsComponent<K extends string, V extends object
         if (!header) return { status: 401 }
         const [_, value] = header.split(" ")
         if (value != bearerToken) {
-          if (!header) return { status: 401 }
+          return { status: 401 }
         }
       }
 

diff --git a/test/authentication.spec.ts b/test/authentication.spec.ts
@@ -25,4 +25,10 @@ describeTestE2E("Authenticated tests", ({ getComponents, run }) => {
     const res = await fetch.fetch("/a/metrics", { headers: { authorization: "Bearer asd" } })
     expect(res.status).toEqual(200)
   })
+
+  it("responds the /a/metrics endpoint with 401 with invalid token", async () => {
+    const { fetch } = getComponents()
+    const res = await fetch.fetch("/a/metrics", { headers: { authorization: "Bearer xxxxxxxxx" } })
+    expect(res.status).toEqual(401)
+  })
 })